Cybersecurity and Phishing

Cybersecurity and Phishing.

Words that all IT professionals have known intimately for some time now.  In the past couple of years, they have unfortunately become mainstream news and a water cooler topic.  From global ransomware attacks like WannaCry launched for financial gain, to foreign countries hacking for political influence, the threat and the need for strategic and protective action are at an all-time high, and there are absolutely no signs of either letting up.  This has become a war with no faces and no true bull’s eye, other than the weak and unprotected.

With most of our clients living in the small-to-medium-sized business space, here’s a common misconception we hear often:  “We’re so small, no one is looking to target us, so we’re fine.”

You. Are. Not. Fine.

There are no defined company sizes or profiles for the type of attacks that are occurring and will occur in the future.  The attacks come from intelligent software programs with algorithms that scan every nook and cranny of the internet.  This includes your network.  Such a program doesn’t care that you’re an office of 4 people or 4000 people.  It doesn’t care that you don’t believe you have any information that attackers would deem valuable.  All it cares about is that your network or PC has a vulnerability and that it found it.  Now all of your files are encrypted and you have a choice.  You can wipe away any information you may have had on that computer and start over, pray that some cybersecurity expert finds a way to crack the code, or pay the ransom.  These are the choices of unprepared companies.  All of them have real productivity consequences for the company, and none of them are fun.

So, how can you prepare?  There are a variety of options available to help you protect yourself, but below are the absolute baseline steps you should take at any company, large or small:

  1. Cybersecurity Education for your Employees – DO THIS NOW.  This is absolutely our #1 recommendation.  The weakest and most vulnerable part of your network is ALWAYS your employees.  Email spoofing or phishing is at an all-time high and is sometimes difficult to discern, even with a well-trained eye.  The more your employees are aware of the threat, the less power the threat will have over them.  You can lock down your entire network with the best technology and ultimately be undone by “Bob in Accounting” clicking on a malicious link and sharing his credentials with unsavory individuals.  Engage in cybersecurity training for your employees now; don’t wait!  Surround your company with a “Human Firewall”!
  2. Software Patch Management – Software companies, such as Microsoft, release scheduled patches, often monthly.  These patches fix general bugs in the software and also resolve security vulnerabilities.  Applying these patches often requires a reboot of your PC and, admittedly, the reminder to reboot never comes at a convenient time.  However, the importance of a reboot cannot be emphasized enough.  Any vulnerable PC is an open window for hackers.  Any delay in rebooting to get those security patches applied to your PC lengthens the window of time, and raises the probability, in which the hacker’s program can seek and find your machine.
  3. Antivirus Software (AV) – This area of cybersecurity has evolved tremendously over the years.  In the past, you used whatever AV software came with your PC.  This software would periodically download updated virus definitions, so it would know what to look for.  Well, that archaic model is ineffective in today’s cybersecurity climate.  The AV software of today has machine learning and behavioral analysis algorithms built in.  Suspicious behavior is detected immediately, which allows for protection against Zero Day attacks.  A Zero Day vulnerability refers to a hole in software that is unknown to the software vendor.  This security hole is then exploited by hackers before the software vendor becomes aware and hurries to fix it.
  4. Firewall Protection and Content Filtering – A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.  Used in conjunction with sophisticated content filtering, it enables the users of your network to enjoy the benefits of the Internet while remaining protected from inappropriate or harmful content, maintaining productivity and compliance with applicable business and regulatory requirements.
  5. Incident Preparedness
    1. File/Data Backup – Being able to restore destroyed or encrypted data from a backup can save you time, money and heartache.  While I’m a believer in not storing any data, let alone corporate data, on your local PC, we all know it happens.  It does, however, come with the expectation that if your PC dies or gets hacked, that data is not backed up and is gone forever.  If you aren’t comfortable with this expectation, additional local PC backup software is one way to mitigate this risk.  In addition, any shared folders that the PC has access to are also at risk.  If those files are encrypted by the ransomware, then the entire company may come to a grinding halt.  Make sure your file servers are backed up often and can be restored quickly in the wake of an attack.
    2. Business Continuity Planning and Disaster Recovery (BCP/DR) – BCP refers to how a business plans to continue operating in case of a disaster.  DR refers to how information technology should recover in case of a disaster.  A good BCP/DR strategy helps ensure that a business can recover from an incident without a notable disruption to you or to your clients.

The 5Q Solution:  5Q can put together a Cybersecurity Plan that works for your organization, starting with this baseline and customizing from there. The key is not to procrastinate… if the window of vulnerability is open too long, it might end up being too late for you and your company’s data.